Description: eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system.

With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker.

It should also be noted that, due to a separate design flaw in the firewall's handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set.